Creating applications by utilizing a traditional developer workflow or toolset can present a number of challenges to developers that they may not encounter until their project scales, they try to move their stack into a hybrid cloud environment, or try to update multiple clusters at one time. Apcera hopes to help reduce some of the stress involved with these tasks by introducing not only a new way to deploy applications, but a way to integrate the management, streamlining, and creation of workflows.
The video series below provides a short tutorial showing how to use the Apcera Community Edition cloud platform for building a cluster, as well as creating applications and microservices. The series also delves into potential use cases developers may want to consider when selecting a platform, and getting a cluster running. The tutorials also explore the unique features available in the Community Edition of Apcera to those in both DevOps and IT Ops roles.
Video 1: Building a Cluster
In the first part of the tutorial, Apcera software architect Joshua Ellithorpe dove into the background of Apcera Community Edition, highlighting some of its core features. When first logging into the Apcera Community Edition launch page, the first thing developers may notice is a streamlined, easy-to-navigate dash with clear labeling. They won’t find any curious symbols meant to signify menus here.
The next thing users will notice is the splitting of roles. Apcera took note of what different users would need from the platform. The left-hand side column is dedicated to everything a developer could need, including information on what is running in their sandbox, the option to navigate directly to the developer portal, and the ability to import Docker applications and create a new Ubuntu OS in a container.
On the IT Ops side, users have shortcuts to clusters, instance management, jobs currently in a warning state, and creating new policy documents. Both roles have access to their recently viewed projects.
Why not just use containers? Simple. Ellithorpe explained that containers by themselves simply are not enough in today’s environments. Without the proper isolation and security, many issues can arise. One of Apcera’s goals in getting the Community Edition into the hands of developers was to show that these platforms don’t have to lack security features.
While 12-factor app development methodology has been very successful in a number of services, Ellithorpe noted that the method does have its shortcomings. In particular, when developers try to extend a framework beyond its limits, things can quickly get difficult. Apcera set out to change this, “We want to provide APIs and frameworks to allow you to deploy any type of app you want, even apps that have never been containerized. You’re not limited to just Docker. You should be able to stage applications that run on a normal Linux machine, but haven’t necessarily been containerized to Docker.” said Ellithorpe.
Video 2: Building Apps and Microservices
In the second part of this tutorial series, the initial Apcera CE demo cluster used for creating microservices is deployed to AWS. Ellithorpe noted that while Apcera CE supports a number of platforms, it is not well-suited for use on a laptop and your mileage may vary.
When accessing the cluster view menu, users are then shown two instance managers. On the left, cluster information and the number of running data centers is displayed. The top column shows current RAM usage, while the bottom column displays overall disk utilization. Instance managers are responsible for bringing up and down containers. These particular demos are in a cluster with 18 jobs running and 20 instances of each job.
If users want to hit the ground running, the application list is where they will want to be. The Apcera Community Edition’s application list is comprised of many programs a user might deploy, such as Node or a Python runtimes. Users also have the option to launch Docker in its own interface, selecting and operating system and any additional services such as MySQL. They can also link directly to a Docker hub image if need be.
After spinning up a NATs messaging service, Ellithorpe went on to showcase that developers are able to see not only running instances of the application, but the instance manager they are running on, the start command for deploying the app, and overall resource utilization. Metrics such as networking, disk, and CPU usage are tracked and can also be collected. This granularity is offered throughout Apcera Community Edition, which Ellithorpe explained is key for ensuring a proper audit chain.
Apcera also offers what it calls capsules, containers designed to run operating systems while also ensuring overall network and infrastructure security. Ellithorpe went on to create a capsule from within the CLI based on Ubuntu with an Ubuntu image. In contrast to Docker’s open network approach, Apcera’s model is that things should not have open reign on one’s network. As such, full network isolation is enforced for every container Apcera spawns by default unless policies state otherwise.
An attempt by Ellithorpe to curl Google.com was met with a failure, showing that the container was not set to allow outbound connections. “In a production environment, certain things should only be able to talk to other things. You want to be able to reduce the blast radius if something is compromised. By opening routes as needed, containers only talk to things they need to function.” said Ellithorpe. After updating the Ubuntu capsule to allow outbound access, curl’ing Google returned a successful result.
Video 3: Use Cases
In the third tutorial segment, Ellithorpe highlights some potential use cases of Apcera CE, along with its workflow automation features and the benefits these have to developers working at scale.
Apcera has created what it calls stagers, which are similar to Heroku buildpacks. These stagers are designed to automate one’s workflow pipeline, while also allowing users the ability to create different policies based on what team is responsible for them. Stagers can be controlled to allow only certain users access, and offer the ability to see who caused an issue or when it occurred.
Apcera Community Edition creates its packages within the system itself based on policies set by users. “When you stage an app in CE, we create a package that is just your staged app. It doesn’t include any OS bits. We dynamically the build file system based on what the policy tells us is appropriate,” Ellithorpe said.
Ellithorpe navigated into the CLI and deployed a simple todo application in Node. After launching two instances, the package was created and uploaded to stagers. The stager noted that the app was a Node.js app. “As the packages are called out, it noticed the application needed Node, Git, and Python to function,” Ellithorpe noted. Apcera CE then picked up the Node stagers, installed all the necessary modules, and gave a URL where users could preview their application.
After navigating to the Node package, users are able to see that the Node.js demo todo app is using that particular package. If a developer has 5,000 jobs in production, Apcera CE will list all the jobs using a package by clicking on it. This is particularly useful when updating applications with new features or bug fixes.
The authorization settings in Apcera offer developers flexibility, with the ability to support oAuth2. However, if a team is looking for Crowd integration or other enterprise-level authorization tools, this would need to be done with Apcera’s enterprise platform.
Video 4: Getting a Cluster Up and Running
In the final demo tutorial, Ellithorpe demonstrated how to set up a cluster. Developers wanting to spin up their own cluster on Apcera CE will find themselves working with the APC command line, ie. apc-console. From this CLI, users can deploy applications, import packages, and stage pieces of their application.
Ellithorpe highlighted what he sees as a huge red flag in today’s environments, the ability to SSH into jobs that are running in production. “Going and manually touching a production instance means I don’t get an audit log, I don’t know what actions happened, and the state of that thing is different than expected.”
Apcera solves this in two ways: One is with ephemeral credentialing. Another is through cloning an application into an environment strictly for testing. After entering the apc-console of the previously created Node.js todo application, Ellithorpe created a copy of it. After looking at the environment variables, they quite simply don’t make sense, but for a good reason, Ellithorpe explained: Only this particular job can access them. “If we go ahead and create a new console environment, the usernames and passwords have now changed. They aren’t real, they’re just what users get for a particular job instance. With unique credentials, when devs are developing apps, they don’t need to know the real credentials.”
Apcera hopes that features such as full database persistence, network isolation, and its unique approach to packages, stagers, and capsules will bring about change in the enterprise-level PaaS environment. “The dream to us of the modern PaaS is that everything is possible, and the things you do most often are easy and automated,” said Ellithorpe.
Working with Stagers in Apcera CE is not only flexible but provides an opportunity for developers to utilize these workflows with other pieces of their stack. Apcera has sample stagers for Meteor, Littlebits (which won the COMPANY the maker Hackathon at this year’s Dockercon), New Relic, and more. “Any application dependencies are downloaded to the Stager and once it’s restarted, you can run database migrations, tests, set start commands, say where workloads are saved, set environment variables, and say it’s done. Nothing complicated there,” Ellithorpe said.
The Apcera Developer Portal also launched with the CE platform, which offers a variety of tips, tricks, and tools for devs looking to get started with Apcera. These include video tutorials from the Apcera product team, links to the community where users can ask questions, to the Apcera open source community, sample applications, package scripts, sample stagers, and generally everything needed to get started with the platform.
“We’re always looking for feedback,” Ellithorpe noted as the tutorial came to a close.
Apcera is a sponsor of The New Stack.
Feature image via Pixabay.
The New Stack is a wholly owned subsidiary of Insight Partners, an investor in the following companies mentioned in this article: Docker.